use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.
the class AccessIT method removePermissionRulesAndCleanupEmptyEntries.
@Test
public void removePermissionRulesAndCleanupEmptyEntries() throws Exception {
// Add initial permission set
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = createDefaultAccessSectionInfo();
accessInput.add.put(REFS_HEADS, accessSectionInfo);
pApi.access(accessInput);
// Remove specific permission rules
AccessSectionInfo accessSectionToRemove = newAccessSectionInfo();
PermissionInfo codeReview = newPermissionInfo();
codeReview.label = LABEL_CODE_REVIEW;
PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.DENY, false);
codeReview.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
pri = new PermissionRuleInfo(PermissionRuleInfo.Action.DENY, false);
codeReview.rules.put(SystemGroupBackend.PROJECT_OWNERS.get(), pri);
accessSectionToRemove.permissions.put(Permission.LABEL + LABEL_CODE_REVIEW, codeReview);
ProjectAccessInput removal = newProjectAccessInput();
removal.remove.put(REFS_HEADS, accessSectionToRemove);
pApi.access(removal);
// Remove locally
accessInput.add.get(REFS_HEADS).permissions.remove(Permission.LABEL + LABEL_CODE_REVIEW);
// Check
assertThat(pApi.access().local).isEqualTo(accessInput.add);
}
use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.
the class AccessIT method addNonGlobalCapabilityToGlobalCapabilities.
@Test
public void addNonGlobalCapabilityToGlobalCapabilities() throws Exception {
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
PermissionInfo permissionInfo = newPermissionInfo();
permissionInfo.rules.put(adminGroup.getGroupUUID().get(), null);
accessSectionInfo.permissions.put(Permission.PUSH, permissionInfo);
accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
exception.expect(BadRequestException.class);
gApi.projects().name(allProjects.get()).access(accessInput);
}
use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.
the class AccessIT method createDefaultGlobalCapabilitiesAccessSectionInfo.
private AccessSectionInfo createDefaultGlobalCapabilitiesAccessSectionInfo() {
AccessSectionInfo accessSection = newAccessSectionInfo();
PermissionInfo email = newPermissionInfo();
PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
email.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
accessSection.permissions.put(GlobalCapability.EMAIL_REVIEWERS, email);
return accessSection;
}
use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.
the class AccessIT method removeGlobalCapabilityAsAdmin.
@Test
public void removeGlobalCapabilityAsAdmin() throws Exception {
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
PermissionInfo permissionInfo = newPermissionInfo();
permissionInfo.rules.put(adminGroup.getGroupUUID().get(), null);
accessSectionInfo.permissions.put(GlobalCapability.ACCESS_DATABASE, permissionInfo);
// Add and validate first as removing existing privileges such as
// administrateServer would break upcoming tests
accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
ProjectAccessInfo updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsAllIn(accessSectionInfo.permissions.keySet());
// Remove
accessInput.add.clear();
accessInput.remove.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsNoneIn(accessSectionInfo.permissions.keySet());
}
use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.
the class SetAccess method getAccessSections.
private List<AccessSection> getAccessSections(Map<String, AccessSectionInfo> sectionInfos) throws UnprocessableEntityException {
if (sectionInfos == null) {
return Collections.emptyList();
}
List<AccessSection> sections = new ArrayList<>(sectionInfos.size());
for (Map.Entry<String, AccessSectionInfo> entry : sectionInfos.entrySet()) {
AccessSection accessSection = new AccessSection(entry.getKey());
if (entry.getValue().permissions == null) {
continue;
}
for (Map.Entry<String, PermissionInfo> permissionEntry : entry.getValue().permissions.entrySet()) {
Permission p = new Permission(permissionEntry.getKey());
if (permissionEntry.getValue().exclusive != null) {
p.setExclusiveGroup(permissionEntry.getValue().exclusive);
}
if (permissionEntry.getValue().rules == null) {
continue;
}
for (Map.Entry<String, PermissionRuleInfo> permissionRuleInfoEntry : permissionEntry.getValue().rules.entrySet()) {
PermissionRuleInfo pri = permissionRuleInfoEntry.getValue();
GroupDescription.Basic group = groupsCollection.parseId(permissionRuleInfoEntry.getKey());
if (group == null) {
throw new UnprocessableEntityException(permissionRuleInfoEntry.getKey() + " is not a valid group ID");
}
PermissionRule r = new PermissionRule(GroupReference.forGroup(group));
if (pri != null) {
if (pri.max != null) {
r.setMax(pri.max);
}
if (pri.min != null) {
r.setMin(pri.min);
}
r.setAction(GetAccess.ACTION_TYPE.inverse().get(pri.action));
if (pri.force != null) {
r.setForce(pri.force);
}
}
p.add(r);
}
accessSection.getPermissions().add(p);
}
sections.add(accessSection);
}
return sections;
}
Aggregations